1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Commit Graph

4098 Commits

Author SHA1 Message Date
Florent Daigniere
b3f534a6ac Wizard.html should still be the default destination 2022-11-24 16:37:42 +01:00
Florent Daigniere
d0631558c7 Remove Swarm everywhere.
This hasn't been tested
2022-11-24 16:23:53 +01:00
Florent Daigniere
3721a6aa02 Merge branch 'master' of https://github.com/Mailu/Mailu into HEAD 2022-11-24 15:20:01 +01:00
bors[bot]
2104c04e3b
Merge #2544
2544: Fix #2242: Make quotas adjustable in 50MiB increments r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make quotas adjustable in 50MiB increments

### Related issue(s)
- closes #2242

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 14:18:10 +00:00
Florent Daigniere
4c3c628ca4 dedup 2022-11-24 14:59:11 +01:00
Florent Daigniere
19bd9362d3 As suggested by ghost 2022-11-24 14:56:26 +01:00
Florent Daigniere
f1e5044dbe Add to the list, sort it 2022-11-24 14:39:12 +01:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
02f2679dc4 name collision 2022-11-24 13:51:54 +01:00
Florent Daigniere
b08d940d09 See https://github.com/decalage2/oletools/issues/659 2022-11-24 13:06:59 +01:00
Florent Daigniere
d77bf119f8 towncrier 2022-11-24 12:47:13 +01:00
Florent Daigniere
a8061f3ed3 doh 2022-11-24 12:25:41 +01:00
Florent Daigniere
12117cef37 Reduce the scope of the try: except 2022-11-24 12:16:25 +01:00
Florent Daigniere
612db96209 Block executable file extensions (closes #2511) 2022-11-24 12:09:15 +01:00
Florent Daigniere
709023ab5a dimitri said "block it"
So let's block any macro with AUTOEXEC
2022-11-24 12:04:03 +01:00
Florent Daigniere
3bdc57adbc Forgot this 2022-11-24 11:40:10 +01:00
Florent Daigniere
32d44b96c3 Fix the logic 2022-11-24 11:22:43 +01:00
Florent Daigniere
e43effab63 Glad there is a test 2022-11-24 11:08:13 +01:00
Florent Daigniere
d793c5eed8 Dup symbol 2022-11-24 11:01:12 +01:00
Florent Daigniere
1327f34c2c Add tests to ensure we block macros 2022-11-24 10:48:25 +01:00
Florent Daigniere
e03d91a1ec Merge remote-tracking branch 'upstream/master' into oletools 2022-11-24 10:35:03 +01:00
Florent Daigniere
9fcff5e745 Pin what we get from edge 2022-11-24 10:13:04 +01:00
Florent Daigniere
63a12d9857 changes requested by ghost 2022-11-24 10:00:00 +01:00
Florent Daigniere
546884d10c ghost's requested changes 2022-11-24 09:31:27 +01:00
bors[bot]
5a7d73dc3d
Merge #2554
2554: Rollback to mysql-connector-python==8.0.29 r=mergify[bot] a=nextgens

See #2553

## What type of PR?

bug-fix

## What does this PR do?

Rollback to mysql-connector-python==8.0.29

### Related issue(s)
- closes #2553 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-23 19:20:57 +00:00
Florent Daigniere
7e1ab7978e Block VBA Stomping too 2022-11-23 18:56:16 +01:00
Florent Daigniere
4881e0db2a ghost is right, it should be pinned here too 2022-11-23 17:15:03 +01:00
Florent Daigniere
c1144612be
fix sorting 2022-11-23 17:13:15 +01:00
Florent Daigniere
4d8bd210c5
Update run_dev.sh 2022-11-23 17:07:48 +01:00
Florent Daigniere
ee512112fb
fix flask db history 2022-11-23 17:07:19 +01:00
Florent Daigniere
adacf579fc Rollback to mysql-connector-python==8.0.29
See #2553
2022-11-23 15:49:58 +01:00
Florent Daigniere
3e45a791cf Implement oletools to filter out bad macros 2022-11-23 15:42:46 +01:00
bors[bot]
9c6e9b05db
Merge #2543
2543: Fix #2231: make public announcements work r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Ensure public announcements bypass filters.

They can still time-out... but this is already a big improvement that we should be able to backport.

### Related issue(s)
- closes #2231

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-23 09:32:17 +00:00
Florent Daigniere
9fa3a3e0c7 doc 2022-11-22 10:17:10 +01:00
Florent Daigniere
e94f6eaf33 towncrier 2022-11-22 10:11:23 +01:00
Florent Daigniere
9e61a33cb2 Merge branch 'master' of https://github.com/Mailu/Mailu into webmail-hardening 2022-11-22 10:03:38 +01:00
bors[bot]
6a3daa75ac
Merge #2539
2539: Upgrade alpine, make setup use the base image r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade alpine, make setup use the base image, introduce a health-check, drop privileges. Drop privileges on admin too.

It may or may not help #2536

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 18:16:26 +00:00
Florent Daigniere
f994c8687e doh 2022-11-21 18:12:11 +01:00
Florent Daigniere
44c47586ea Fix potential permission problems 2022-11-21 17:50:57 +01:00
Florent Daigniere
d3d7916b58 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2022-11-21 17:22:15 +01:00
bors[bot]
c1da586444
Merge #2526
2526: Upgrade Snappymail to 2.21 and merge the webmail containers r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade Snappymail to 2.21 and merge the webmail containers. This will make the CI faster and should simplify things going forward (hardening but also allow running more than one webmail at the time, ...).

- enable APCu
- add new test to ensure we redirect to SSO and have disabled the admin panel
- add all the packaged dictionaries for spell checking
- harden the configuration of the webmails a bit (more to come in a separate PR)
- turn off deprecation warnings (php8.1 is too new)
- turn off error reporting (log them instead)
- return HTTP302 when we should
- gpg-verify the signature of the webmails we ship
- upgrade to snappymail 2.21, switch to the new json config format
- use socrates as it's meant to so that helm users can do their thing
- run the HTTPd and PHP as different users
- redirect the PHP errors to stderr

## Related issue(s)
- closes #2466
- closes #948
- closes #2250

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 15:28:57 +00:00
Florent Daigniere
ab852772f9 Bump snappymail to 2.21.3 2022-11-21 16:04:00 +01:00
Florent Daigniere
28d720bbc9 As requested 2022-11-21 14:54:36 +01:00
bors[bot]
d650a9cc0f
Merge #2548
2548: Fetchmail improvements (2) r=mergify[bot] a=nextgens

Follow-up to #2529

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 10:04:37 +00:00
Florent Daigniere
45b01db9de Fix the language switcher 2022-11-21 11:01:01 +01:00
Florent Daigniere
3fc0a0e7fa Merge branch 'master' of https://github.com/Mailu/Mailu into fetchmail-improvements 2022-11-21 10:40:02 +01:00
Florent Daigniere
4da2db1b0b add comment as requested 2022-11-21 10:38:44 +01:00
Florent Daigniere
c79e8d3852 Fix display bug 2022-11-21 10:37:36 +01:00
bors[bot]
553b02fb3d
Merge #2529
2529: Improve fetchmail r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve fetchmail:
- allow delivery via LMTP (faster, bypassing the filters)
- allow several folders to be retrieved
- run fetchmail as non-root
- tweak the compose file to ensure we have all the dependencies

### Related issue(s)
- closes #1231 
- closes #2246 
- closes #711

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-11-21 09:28:15 +00:00
bors[bot]
31c6c26ec8
Merge #2547
2547: Disable libhardened-malloc for non x86. r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Support is going to be a nightmare if RPI4 is not working; We can always reintroduce it later.

### Related issue(s)
- closes #2541 


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-20 16:55:19 +00:00